systems . However , secure messaging is just one small part of HIPAA compliance .
So , why are compliance and cybersecurity in health care such epidemics lately ? Our patients are partly to blame . Patients of all ages and backgrounds have become tech-savvy consumers . They want portals , apps , and access to their medical records online . This has skyrocketed the need for compliance , privacy , and security . It ’ s what prompted Amazon to release HIPAA-compliant Alexa skill sets and what resulted in Facebook ’ s $ 5 billion fine from the FTC . Breaches are everywhere recently , from BCBS Anthem ’ s $ 16 million fine and $ 115 million settlement to the Labcorp / Quest breach of 20 million patient records . But fines and breaches don ’ t just affect the big guys : 91 % of all health care organizations reported a data breach in the past two years . Every one of these breaches affects the business associates and vendors with whom they work . It ’ s not a matter of “ if ” we ’ ll be breached ; it ’ s a matter of “ when ." In fact , 49 % of breaches stem from the third-party vendor , as was the case with Labcorp / Quest ’ s collection agency . That ’ s where you come in : Compliance is an absolute requirement for MSPs , but it ’ s also a massive opportunity .
HIPAA guidelines such as network security , backup and recovery , data encryption , secure passwords , multifactor authentication , physical security , and annual risk assessments were designed to protect us and prevent a breach of our sensitive patient information . But why do hackers even care about our medical information in the first place ? As it turns out , a medical record is worth ten times the price of a credit card on the black market . It contains comprehensive personal information for multiple selling opportunities on the dark web . And for what is it used ? Obtaining medical care , filling prescription drugs , faking insurance claims , filing tax returns , and of course , creating new identities . That ’ s why we should all care about HIPAA . A data breach is expensive for everyone involved . The average cost to an organization is roughly $ 8 million , plus lost productivity and customer trust . Damage to a reputation ? Priceless . In fact , 72 % of businesses shut down within 24 months following a breach . Brookside ENT & Hearing Center is one of those sad statistics : A ransomware attack encrypted all their practice data . The hackers demanded $ 6,500 for a decryption key , but the doctors refused to pay . As a result , all patient records , schedules , and payments were deleted . No backup , no recovery ; the doctors retired rather than trying to rebuild .
Ransomware attacks are trending , and 71 % target smallto medium-sized practices since those businesses are less likely to protect themselves . We ’ re low-hanging fruit for hackers , and we need your help . So here ’ s a story with a happy ending : When NEO Urology Associates got hacked in June of this year , their IT firm ( yes , they had an IT firm ) rescued their data within 48 hours , and their cybersecurity insurance ( yes , they had cybersecurity insurance ) paid the claim . The real cost of this protection ? Priceless .
Sure , you may hear clueless excuses from your clients : “ We can ’ t afford a service like this ; my office is too small to get hacked ; my EMR is compliant , so I must be too .” This article should now help you respond with surgical precision . You can ’ t afford not to have a service like this .
HELPING MSPS TO
MORE
Close More Business Offer More Services Keep More Customers
Your office is a tasty snack for hackers , and there ’ s far more to compliance than just your EMR .
In the U . S ., there are 230,000 physician practices , 100,000 dental offices , 63,000 physical therapy centers , 34,000 standalone pharmacies , 15,600 nursing homes , and 12,000 home health agencies . Now , multiply that number by 10 to include all their business associates and vendors . These are your customers ; all of them need compliance , and all of them need you .
The prognosis is clear : Compliance presents an incredible opportunity — the opportunity for MSPs to protect their customers , their reputations , and their livelihoods . Best of all , we ( your health care clientele ) will gladly pay for your help .
AUTHOR BIO :
Dr . Habash is the Chief Medical Officer for Everbridge and serves as both a Microsoft consultant and HIPAA compliance consultant for technology providers . She is also the Medical Director of Technology Innovation for Bascom Palmer Eye Institute . Some of her honors include : America ’ s Top Doctors ; Top Healthcare Entrepreneurs to Know ; and the Ophthalmologist Power List , an award recognizing the top 50 ophthalmology stars in the world . n
VOLUME 1 ISSUE 4 • MSPSUCCESSMAGAZINE . COM | 7